Developer & maintainer of BtleJuice. Having fun with Nordic's nrf51822
|
|
- Lambert Barrett
- 5 years ago
- Views:
Transcription
1 YOU'D BETTER SECURE YOUR BLE DEVICES OR WE'LL KICK YOUR DEF CON 26, Aug. 12th 2018
2 WHO AM I? Head of Econocom Digital Security Studying Bluetooth Low Energy for 3 years Developer & maintainer of BtleJuice Having fun with Nordic's nrf51822
3 BLE sniffing 101 AGENDA Improving the BLE arsenal Sniffing BLE connections in 2018 Introducing BtleJack, a flexible sniffing tool BtleJacking: a brand new attack How it works Vulnerable devices & demos Recommendations
4 BLE SNIFFING 101
5 MUCH CHEAP TOOLS, (NOT) WOW RESULTS Sniffing existing/new connections with an Ubertooth One Sniffing new connections with an Adafruit's Bluefruit LE Sniffer Sniffing BLE packets with gnuradio
6 UBERTOOTH ONE Sniffs existing and new connections Does not support channel map updates Costs $120
7 BLUEFRUIT LE SNIFFER Up-to-date so ware (Nov. 2017) Proprietary firmware from Nordic Semiconductor Sniffs only new connections Costs $30 - $40
8 SOFTWARE DEFINED RADIO Sniffs only BLE advertisements Unable to follow any existing/new connection Latency Requires 2.4GHz compatible SDR device
9 BLE SNIFFING 101 BLE is designed to make sniffing difficult: 3 separate advertising channels Uses Frequency Hopping Spread Spectrum (FHSS) Master or slave can renegotiate some parameters at any time Sniffing BLE connections is either hard or expensive
10 MAN IN THE MIDDLE
11 HOW BLE MITM WORKS Discover the target device (advertisement data, services & characteristics) Connect to this target device, it is not advertising anymore (connected state) Advertise the same device, await connections and forward data
12 BTLEJUICE
13 GATTACKER
14 Pros: Get rid of the 3 advertising channels issue You see every BLE operation performed You may tamper on-the-fly the data sent or received
15 Cons: Complex to setup: 1 VM & 1 Host computer Only capture HCI events, not BLE Link Layer Does not support all types of pairing Only compatible with 4.0 adapters
16 WE ARE DOING IT WRONG! Ubertooth-btle is outdated and does not work with recent BLE stacks Nordic Semiconductor' sniffer is closed source and does not allow active connection sniffing and may be discontinued The MitM approach seems great but too difficult to use and does not intercept link-layer packets
17 IMPROVING THE BLE ARSENAL
18 THE IDEAL TOOL Able to sniff existing and new connections Uses cheap hardware Open-source
19 SNIFFING ACTIVE CONNECTIONS
20 MIKE RYAN'S TECHNIQUE 1. Identify Access Address (32 bits) 2. Recover the CRCInit value used to compute CRC 3. hopinterval = time between two packets / hopincrement = LUT[time between channel 0 & 1]
21 MIKE'S ASSUMPTION (2013) All 37 data channels are used
22 DATA CHANNELS IN 2018 Not all channels are used to improve reliability Some channels are remapped to keep a 37 channels hopping sequence 0, 4, 8, 12, 16, 20, 24, 0, 4, 8, 3, 7, 11, 15, 19, 23, 27, 3, 7, 2, 6, 10, 14, 18, 22, 26, 2, 6, 1, 5, 9, 13, 17, 21, 25, 1, 5 Mike's technique does not work anymore!
23 HOW TO DEDUCE CHANNEL MAP AND HOP INTERVAL Channel map Listen for packets on every possible channels May take until 4 x 37 seconds to determine! Hop interval Find a unique channel Measure time between 2 packets and divide by 37
24 DEDUCE HOP INCREMENT Pick 2 unique channels Generate a lookup table Measure time between two packets on these channels Determine increment value More details in PoC GTFO 0x17
25 SNIFFING NEW CONNECTIONS
26 CONNECT_REQ PDU Every needed information are in this packet Sniffer must listen on the correct channel
27 "INSTANT" MATTERS Defines when a parameter update is effective Used for: Channel map updates Hop interval updates
28 WE DON'T CARE AT ALL
29 WE DON'T CARE AT ALL
30 WE DON'T CARE AT ALL
31 WE DON'T CARE AT ALL
32 WE DON'T CARE AT ALL
33 MULTIPLE SNIFFERS FOR THE ULTIMATE SNIFFING TOOL
34 A BRAND NEW TOOL...
35 ... BASED ON A MICRO:BIT $15
36 BTLEJUICE
37 BTLEJUICEJACKJACK
38 NO LIVE DEMO, I KNOW YOU.
39 SNIFFING A NEW CONNECTION
40 SNIFFING AN EXISTING CONNECTION
41 PCAP EXPORT Supports Nordic and legacy BTLE formats
42 BTLEJACKING A NEW ATTACK ON BLE
43 SUPERVISION TIMEOUT Defined in CONNECT_REQ PDU Defines the time a er which a connection is considered lost if no valid packets Enforced by both Central and Peripheral devices
44
45 SUPERVISION TIMEOUT VS. JAMMING
46 SUPERVISION TIMEOUT VS. JAMMING
47 SUPERVISION TIMEOUT VS. JAMMING
48 SUPERVISION TIMEOUT VS. JAMMING
49 SUPERVISION TIMEOUT VS. JAMMING
50 SUPERVISION TIMEOUT VS. JAMMING
51 SUPERVISION TIMEOUT VS. JAMMING
52 JAMMING FTW
53 BTLEJACKING Abuse BLE supervision timeout to take over a connection BLE versions 4.0, 4.1, 4.2 and 5 are vulnerable Requires proximity (about 5 meters away from target)
54 EXAMPLE OF VULNERABLE DEVICES
55
56
57 SEXTOYS TOO!
58
59
60
61
62 IMPACT Unauthorized access to a device, even if it is already connected Bypass authentication, if authentication is performed at the start of connection Keep the device internal state intact: this may leak valuable information
63 COUNTER-MEASURES Use BLE Secure Connections (see specifications) At least authenticate data at application layer
64 BTLEJACK
65 FEATURES Already established BLE connection sniffing New BLE connection sniffing Selective BLE jamming BLE connection take-over (btlejacking) PCAP export to view dumps in Wireshark Multiple sniffers support
66 CONCLUSION Btlejack is an all-in-one solution for BLE sniffing, jamming and hijacking BLE hijacking works on all versions Insecured BLE connections are prone to sniffing and hijacking It might get worse with further versions of BLE (greater range) Secure your BLE connections FFS (really, do it)
67 THANKS! QUESTIONS?
68 WHY DIDN'T YOU IMPROVE UBERTOOTH-BTLE CODE? I am a lot more familiar with nrf51 SoCs than LPC microcontrollers Buying 3 Ubertooth devices ($360) is not cheap
69 HOW DID YOU MAKE YOUR CLUSTER? From a modified ClusterHat v2 ($30)
CIS 700/002 : Special Topics : Bluetooth: With Low Energy comes Low Security
CIS 700/002 : Special Topics : Bluetooth: With Low Energy comes Low Security Kamenee Arumugam CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering
More informationClick to edit Master title style Buzzing Smart Devices
Click to edit Master title style Buzzing Smart Devices Smart Watch Hacking 1 Click to edit Master title style I Have A Question.? 2 Click to edit Master title style Why CATS Everywhere?????? Cats are Evil
More informationBluetooth Smart: The Good, The Bad, The Ugly... and The Fix
Bluetooth Smart: The Good, The Bad, The Ugly... and The Fix Mike Ryan isec Partners Black Hat USA Aug 01, 2013 1 Why Bluetooth Smart? Because it's appearing EVERYWHERE 2 Why Bluetooth Smart? (2) 186% YoY
More informationUnencrypted Mouse Packet
MouseJack Injecting Keystrokes into Wireless Mice Marc Newlin Bastille Threat Research Team February 12, 2016 Abstract MouseJack is a collection of security vulnerabilities affecting non-bluetooth wireless
More informationPM0257. BlueNRG-1, BlueNRG-2 BLE stack v2.x programming guidelines. Programming manual. Introduction
Programming manual BlueNRG-1, BlueNRG-2 BLE stack v2.x programming guidelines Introduction The main purpose of this document is to provide a developer with some reference programming guidelines about how
More informationAditya Gupta presents: Hacking Bluetooth Low Energy for Internet of Things
Aditya Gupta (@adi1391) presents: Hacking Bluetooth Low Energy for Internet of Things About the Workshop AGENDA? + Internals of BLE + BLE Security + Interacting with BLE devices + Sniffing BLE traffic
More informationHacking challenge: steal a car!
Hacking challenge: steal a car! Your "local partner in crime" Sławomir Jasek IT security expert since 2005, and still loves this job Agenda BLE vs security How to hack the car New tool Vulnerabilities
More informationWireless Sensor Networks BLUETOOTH LOW ENERGY. Flavia Martelli
Wireless Sensor Networks BLUETOOTH LOW ENERGY Flavia Martelli flavia.martelli@unibo.it Outline Introduction Applications Architecture Topology Controller specifications: Physical Layer Link Layer Host
More informationDEEP ARMOR. Hands-on Exploitation & Hardening of Wearable and IoT Platforms. Sumanth Naropanth & Sunil Kumar
DEEP ARMOR Hands-on Exploitation & Hardening of Wearable and IoT Platforms Sumanth Naropanth & Sunil Kumar Agenda Technical overview of an IoT/wearable ecosystem Building blocks Communication Protocols
More informationComputer Networks II Advanced Features (T )
Computer Networks II Advanced Features (T-110.5111) Bluetooth, PhD Assistant Professor DCS Research Group Based on slides previously done by Matti Siekkinen, reused with permission For classroom use only,
More informationWhat can a small device do in modern industrial World.
What can a small device do in modern industrial World Alexey.Polyakov@kaspersky.com Konstantin.Sapronov@kaspersky.com Agenda Smart badge Sub 1Ghz RF Demo with RFCat Smart Grids Inside Smart Meters Threats
More informationBluetooth. Quote of the Day. "I don't have to be careful, I've got a gun. -Homer Simpson. Stephen Carter March 19, 2002
Bluetooth Stephen Carter March 19, 2002 Quote of the Day "I don't have to be careful, I've got a gun. -Homer Simpson 1 About Bluetooth Developed by a group called Bluetooth Special Interest Group (SIG),
More informationSMART Technologies. Introducing bluetooth low energy and ibeacon
SMART Technologies Introducing bluetooth low energy and ibeacon In real life you may call me Frederick Bousson Competence Leader Mobile @ Ordina Smartphone as life s remote control Focus on Software Development
More informationWelcome to my presentation: Message Denial and Alteration on IEEE Low- Power Radio Networks.
Welcome to my presentation: Message Denial and Alteration on IEEE 802.15.4 Low- Power Radio Networks. This presentation discusses the susceptibility of IEEE 802.15.4 radio networks to several different
More informationPerformance Evaluation of Bluetooth Low Energy Communication
SCITECH Volume 7, Issue 2 RESEARCH ORGANISATION April 28, 2018 Journal of Information Sciences and Computing Technologies www.scitecresearch.com/journals Performance Evaluation of Bluetooth Low Energy
More informationKW41Z IEEE and BLE Coexistence Performance
NXP Semiconductors Document Number: AN12231 Application Note Rev. 0, 08/2018 KW41Z IEEE 802.15.4 and BLE Coexistence Performance MWS module 1. About this manual This document aims to evaluate the performance
More informationBluetooth Low Energy Protocol Stack
APPLICATION NOTE Bluetooth Low Energy Protocol Stack R01AN2469EJ0113 Rev.1.13 Introduction This manual describes the installation, configuration and usage of. The tool controls the Renesas Bluetooth low
More informationBluetooth low energy technology Bluegiga Technologies
Bluetooth low energy technology Bluegiga Technologies Topics Background What is Bluetooth low energy? Basic concepts Architecture Differentiation and comparison Markets and applications Background Background
More informationAdafruit Feather nrf52840 Express
Adafruit Feather nrf52840 Express PRODUCT ID: 4062 The Adafruit Feather nrf52840 Express is the new Feather family member with Bluetooth Low Energy and native USB support featuring the nrf52840! It's our
More informationWireless LAN Security (RM12/2002)
Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For
More informationReal-time Bluetooth Device Detection with Blue Hydra. Granolocks Zero_Chaos
Real-time Bluetooth Device Detection with Blue Hydra Granolocks Zero_Chaos Granolocks Narcissus Pwnie Express Focused on device detection Enjoys long walks in the woods Travel to exotic locations Draws
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationOutsmarting Bluetooth Smart. Mike Ryan. isec Patners. CanSecWest. Mar 14, 2014
Outsmarting Bluetooth Smart Mike Ryan isec Patners CanSecWest Mar 14, 2014 1 Quick Note Bluetooth Smart Bluetooth Low Energy BLE all the same thing! 2 A Brief History of BLE Bluetooth 4.0 BLE explosion
More informationInside Bluetooth Low Energy
Inside Bluetooth Low Energy Naresh Gupta BOSTON LONDON artechhouse.com Contents Preface Acknowledgments Foreword xix xxiii xxv Introduction 1 1.1 Introduction to Wireless Communication 1 1.2 Data Rates
More informationImplementing A Bluetooth Stack on UEFI
Implementing A Bluetooth Stack on UEFI Tony C.S. Lo Senior Manager American Megatrends Inc. presented by UEFI Plugfest October 2014 Agenda Introduction Bluetooth Architecture UEFI Bluetooth Stack Summary
More informationIntroduction to Bluetooth Low Energy
Introduction to Bluetooth Low Energy Qualcomm Bluetooth Low Energy Terminology clarification In this document you will notice a number of references are made to Qualcomm Bluetooth Low Energy SDK. While
More informationWireless Terms. Uses a Chipping Sequence to Provide Reliable Higher Speed Data Communications Than FHSS
How to Set Up a Secure Home Wireless Network What you don t know about setting up a home wireless network can hurt you. 2008 APCUG Convention Session Tom Jones, P.E., RCDD-NTS CQS-CWLSS AGENDA Some Terms
More informationnblue TM BR-MUSB-LE4.0-S2A (CC2540)
Page 1 of 5 Copyright 2002-2014 BlueRadios, Inc. Bluetooth 4.0 Low Energy Single Mode Class 1 SoC USB Serial Dongle nblue TM BR-MUSB-LE4.0-S2A (CC2540) AT HOME. AT WORK. ON THE ROAD. USING BLUETOOTH LOW
More informationBeetle: Many-to-many communication in Bluetooth LE. Amit Levy, Laurynas Riliskis, Philip Levis, David Mazières, and Keith Winstein
Beetle: Many-to-many communication in Bluetooth LE Amit Levy, Laurynas Riliskis, Philip Levis, David Mazières, and Keith Winstein The ideal Internet of Things The Internet of Things today It's Not An
More informationUse of ISP1880 Accelero-Magnetometer, Temperature and Barometer Sensor
Use of Accelero-Magnetometer, Temperature and Barometer Sensor Application Note AN181105 Introduction Scope This application note describes how to set up a Sensor demonstration with Sensors Board that
More informationGuide to Wireless Communications, 3 rd Edition. Objectives
Guide to Wireless Communications, 3 rd Edition Chapter 5 Wireless Personal Area Networks Objectives Describe a wireless personal area network (WPAN) List the different WPAN standards and their applications
More informationAmarjeet Singh. February 7, 2012
Amarjeet Singh February 7, 2012 References Bluetooth Protocol Architecture v.1 www.bluetooth.org http://www.tutorial-reports.com/wireless/bluetooth/ Slides from last class uploaded on the course website
More informationBluetooth LE 4.0 and 4.1 (BLE)
Bluetooth LE 4.0 and 4.1 (BLE) Lab 11 Lunch April 23rd, 2014 Noah Klugman Josh Adkins 1 Outline History of Bluetooth Introduction to BLE Architecture Controller Host Applications Power Topology Example:
More informationIOActive Labs: Breaking Embedded Devices
IOActive Labs: Breaking Embedded Devices Mike Davis Joshua Hammond Thomas Kilbride Daniel Schaffner IOActive is the only global security consultancy with a state-of-the-art hardware lab and deep expertise
More informationBlack Hat USA 2016 Survey Report
1 Monthly Research 2016.08 Black Hat USA 2016 Survey Report E-Mail: research-feedback[at]ffri.jp Twitter: @FFRI_Research FFRI, Inc. http://www.ffri.jp Contents About Black Hat USA Hot Research Vehicle
More informationBLUETOOTH LOW ENERGY: THE DEVELOPER'S HANDBOOK BY ROBIN HEYDON
BLUETOOTH LOW ENERGY: THE DEVELOPER'S HANDBOOK BY ROBIN HEYDON DOWNLOAD EBOOK : BLUETOOTH LOW ENERGY: THE DEVELOPER'S Click link bellow and free register to download ebook: BLUETOOTH LOW ENERGY: THE DEVELOPER'S
More informationSession 1 exercise Download and save locally. When completing the exercise, please mail it to
Download and save locally. When completing the exercise, please mail it to adva@mercantec.dk WLAN windows 7/8 Let s examine your windows 7/8 laptop WLAN capabilities. Open a commando prompt as administrator,
More informationICC. Modbus RTU Sniffer Driver Manual INDUSTRIAL CONTROL COMMUNICATIONS, INC Industrial Control Communications, Inc.
INDUSTRIAL CONTROL COMMUNICATIONS, INC. Modbus RTU Sniffer Driver Manual April 3, 2017 2017 Industrial Control Communications, Inc. TABLE OF CONTENTS 1 Modbus RTU Sniffer... 2 1.1 Overview... 2 1.2 Sniffer
More informationBluetooth. March 28, 2005 Patrick Lui
Bluetooth March 28, 2005 Patrick Lui 0053252 1. Introduction As our everyday lives move closer towards complete digital age, connectivity between devices is an important aspect that has not been emphasized
More informationBluetooth low energy security, how good is it? Petter Myhre Bluetooth World, San Jose March 2017
Bluetooth low energy security, how good is it? Petter Myhre Bluetooth World, San Jose March 2017 Common Types of Attack Man-In-The-Middle Passive Eavesdropping Man-in-the-Middle (MITM) attack Active eavesdropping
More informationAN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM
1 AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM 2 Introduction (1/2) TCP provides a full duplex reliable stream connection between two end points A connection is uniquely defined by the quadruple
More informationBluetooth Low Energy (Bluetooth Smart)
Bluetooth Low Energy (Bluetooth Smart) MSE, BLE, 1 References [1] Specification Core Version 4.0: http://www.bluetooth.org/technical/specifications/adopted.htm [2] wikipedia, Bluetooth, March 2012, http://de.wikipedia.org/wiki/bluetooth
More informationControlling electrical home appliances, using Bluetooth Smart Technology (October 2015) Pedro José Vieira da Silva
1 Controlling electrical home appliances, using Smart Technology (October 2015) Pedro José Vieira da Silva Abstract This report presents and describes a Home Energy Management system that accomplish Home
More informationClear Hat Consulting, Inc.
Clear Hat Consulting, Inc. www.clearhatconsulting.com Assessment of Software & Hardware Approaches to Building a USB Fuzzer 1. Background The USB protocol defines communication between a host controller
More informationBeetle: Operating System Support for the Internet of Things
Beetle: Operating System Support for the Internet of Things Amit Levy, James Hong, Laurynas Riliskis, Philip Levis, David Mazières, and Keith Winstein The Internet of Things Ideal Future The Internet of
More informationPwning KNX & ZigBee Networks
Pwning KNX & ZigBee Networks About US HuiYu Wu (Nicky) Bug Hunter Winner of GeekPwn 2015 Speaker of POC2017 http://www.droidsec.cn YuXiang Li (Xbalien) Major experience is in Mobile Security and found
More informationBluetooth Vulnerability Assessment
Bluetooth Vulnerability Assessment 175 Lakeside Ave, Room 300A 04/20/2017 Phone: (802) 865-5744 http://lcdiblog.champlain.edu/ Fax: (802) 865-6446 Disclaimer: This document contains information based on
More informationCYBER ATTACKS EXPLAINED: WIRELESS ATTACKS
CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS Wireless networks are everywhere, from the home to corporate data centres. They make our lives easier by avoiding bulky cables and related problems. But with these
More informationWIRELESS TECHNOLOGIES
WIRELESS TECHNOLOGIES Bluetooth, ZigBee and ANT Thomas Aasebø OVERVIEW What are wireless sensor networks? What are personal area networks? What are these networks typically used for? Bluetooth, ZigBee
More informationCSE 123A Computer Netwrking
CSE 123A Computer Netwrking Winter 2005 Mobile Networking Alex Snoeren presenting in lieu of Stefan Savage Today s s issues What are implications of hosts that move? Remember routing? It doesn t work anymore
More informationBluetooth Serial Port Adapter Optimization
Tomas Henriksson 2008-01-15 cbproduct-0701-03 (7) 1 (15) Bluetooth Serial Port Adapter Optimization For the third version connectblue serial port adapter products, there are some additional AT commands
More informationEthical Hacking and. Version 6. Module XXXVII Bluetooth Hacking
Ethical Hacking and Countermeasures Version 6 Module XXXVII Bluetooth Hacking News Source: http://www.fin24.co.za/ Module Objective This module will familiarize you with: Bluetooth Security Issues in Bluetooth
More informationPost Connection Attacks
Post Connection Attacks All the attacks we carried out in the previous sections can be done without knowing the key to the AP, ie: without connecting to the target network. We saw how we can control all
More informationThe Pennsylvania State University. The Graduate School. School of Science, Engineering and Technology POWER OPTIMIZATION IN BLUETOOTH LOW ENERGY
The Pennsylvania State University The Graduate School School of Science, Engineering and Technology POWER OPTIMIZATION IN BLUETOOTH LOW ENERGY IMPLEMENTED THROUGH A SYSTEM ON CHIP NRF51 AND APPLE NOTIFICATION
More informationSecure Routing in Wireless Sensor Networks: Attacks and Countermeasures
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures By Chris Karlof and David Wagner Lukas Wirne Anton Widera 23.11.2017 Table of content 1. Background 2. Sensor Networks vs. Ad-hoc
More informationSensor-to-cloud connectivity using Sub-1 GHz and
Sensor-to-cloud connectivity using Sub-1 GHz and 802.15.4 Nick Lethaby, IoT, Ecosystem Manager, Texas Instruments Agenda Key design considerations for a connected IoT sensor Overview of the Sub-1 GHz band
More informationGSM Open-source intelligence
GSM Open-source intelligence Kenneth van Rijsbergen 1 1 MSc System and Network Engineering Faculty of Science University of Amsterdam 30 June 2016 Kenneth van Rijsbergen University of Amsterdam GSM OSINT
More informationENVIRONMENTAL SENSING PROFILE
ENVIRONMENTAL SENSING PROFILE Bluetooth Profile Specification Date 2014-Nov-18 Revision Group Prepared By SFWG Feedback Email sf-main@bluetooth.org Abstract: This profile enables a Collector device to
More informationTiming Attacks Made Practical
Timing Attacks Made Practical Timothy D. Morgan Blindspot Security Jason W. Morgan Ohio State Timothy D. Morgan Founder & Chief Pwner Blindspot Security Jason W. Morgan, Ph.D. Post-Doctoral Researcher
More informationWhen the Lights go out. Hacking Cisco EnergyWise. Version: 1.0. Date: 7/1/14. Classification: Ayhan Koca, Matthias Luft
When the Lights go out Hacking Cisco EnergyWise Version: 1.0 Date: 7/1/14 Classification: Author(s): Public Ayhan Koca, Matthias Luft TABLE OF CONTENT 1 HANDLING... 5 1.1 DOCUMENT STATUS AND OWNER... 5
More informationA Survey on Security Threats and Vulnerability attacks on Bluetooth Communication
A Survey on Security Threats and Vulnerability attacks on Bluetooth Communication Trishna Panse #, Prashant Panse * # Department of Information Technology, RGPV Sushila Devi Bansal College of Technology,
More informationTinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture
More informationManage Mobile Security Incidents Like A Boss
Manage Mobile Security Incidents Like A Boss Ismail Guneydas Security Manager/Faculty Kimberly Clark/Texas A&M 10/02/2015 Legal Notice From My Lawyer The opinions expressed in this presentation represent
More informationCommunications Software. CSE 123b. CSE 123b. Spring Lecture 10: Mobile Networking. Stefan Savage
CSE 123b CSE 123b Communications Software Spring 2003 Lecture 10: Mobile Networking Stefan Savage Quick announcement My office hours tomorrow are moved to 12pm May 6, 2003 CSE 123b -- Lecture 10 Mobile
More informationQuick announcement. CSE 123b Communications Software. Last class. Today s issues. The Mobility Problem. Problems. Spring 2003
CSE 123b Communications Software Quick announcement My office hours tomorrow are moved to 12pm Spring 2003 Lecture 10: Mobile Networking Stefan Savage May 6, 2003 CSE 123b -- Lecture 10 Mobile IP 2 Last
More informationDEVELOPMENT TEAM: Jeremiah Prousalis: Project Lead Firmware Lead Bluetooth Module Interfacing
DEVELOPMENT TEAM: Jeremiah Prousalis: Project Lead Firmware Lead Bluetooth Module Interfacing Nathaniel Bradley: Hardware Lead Analog IR Design Power System Design Jesus Castro: Software Lead Android Application
More informationCS 716: Introduction to communication networks. - 9 th class; 19 th Aug Instructor: Sridhar Iyer IIT Bombay
CS 716: Introduction to communication networks - 9 th class; 19 th Aug 2011 Instructor: Sridhar Iyer IIT Bombay Contention-based MAC: ALOHA Users transmit whenever they have data to send Collisions occur,
More informationSecure Communications Over a Network
Secure Communications Over a Network Course: MITS:5400G Proffessor: Dr. Xiaodong Lin By: Geoff Vaughan 100309160 March 20th 2012 Abstract The purpose of this experiment is to transmit an encrypted message
More informationAccelerated Connection Establishment (ACE) Mechanism for Bluetooth Low Energy
2014 IEEE 25th International Symposium on Personal, Indoor and Mobile Radio Communications Accelerated Connection Establishment (ACE) Mechanism for Bluetooth Low Energy Konstantin Mikhaylov Centre for
More informationCase Studies, Lessons Learned. Ing. Tijl Deneut Lecturer Applied Computer Sciences Howest Researcher XiaK, Ghent University
Case Studies, Lessons Learned Ing. Tijl Deneut Lecturer Applied Computer Sciences Howest Researcher XiaK, Ghent University Case Study Overview 3 different types of cases Troubleshooting We have systems
More informationAttacking Mobile-Terminated Services in GSM
Berlin Institute of Technology FG Security in Telecommunications Weiss Attacking Mobile-Terminated Services in GSM TelcoSecDay 2013 Nico Golde, Kevin Redon, Heidelberg, March 12th 2013 nico@sec.t-labs.tu-berlin.de
More informationCSE 123b Communications Software
CSE 123b Communications Software Spring 2004 Lecture 9: Mobile Networking Stefan Savage Quick announcements Typo in problem #1 of HW #2 (fixed as of 1pm yesterday) Please consider chapter 4.3-4.3.3 to
More informationQuick announcements. CSE 123b Communications Software. Today s issues. Last class. The Mobility Problem. Problems. Spring 2004
CSE 123b Communications Software Spring 2004 Lecture 9: Mobile Networking Quick announcements Typo in problem #1 of HW #2 (fixed as of 1pm yesterday) Please consider chapter 4.3-4.3.3 to be part of the
More informationBLE MODULE SPECIFICATIONS
WIRELESS-TAG BLE MODULE SPECIFICATIONS nrf51-01/02/dk Bluetooth Low Energy (BLE) module of nrf51-01/02 is the next generation BLE module released by SEMITRION electronics. The modules use nrf51822 from
More informationBlackjacking. Daniel Hoffman. Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise. Wiley Publishing, Inc.
Blackjacking Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise Daniel Hoffman Wiley Publishing, Inc. Contents About the Author Acknowledgments Introduction Chapter 1 Understanding
More information! " Lecture 5: Networking for Games (cont d) Packet headers. Packet footers. IP address. Edge router (cable modem, DSL modem)
Lecture 5: Networking for Games (cont d) Special Send case: to NAT 123.12.2.10 network 192.168.1.101 17.4.9.33 192.168.1.100 123.12.2.[0-128] IP address 23.11.3.10 Edge router (cable modem, DSL modem)
More informationLecture 14 Passwords and Authentication
Lecture 14 Passwords and Authentication Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422 Major Portions Courtesy Ryan Cunningham AUTHENTICATION Authentication
More informationAssignment Project Whitepaper ITEC495-V1WW. Instructor: Wayne Smith. Jim Patterson
Project Whitepaper ITEC495-V1WW Instructor: Wayne Smith Jim Patterson Table of Contents 1. Abstract Page 3 2. Introduction Page 3 3. Analysis Page 4 4. Solution Discussion Page 7 5. Evaluation Criteria
More informationAll Your Locks are BLEong to Us
SESSION ID: SBX2-R2 All Your Locks are BLEong to Us Anthony Rose Student Air Force Institute of Technology Agenda Goals What is Bluetooth Low Energy? Vulnerable BLE Devices How can it be fixed? Summary
More informationWireshark ZigBee Sniffer
Z-Smart Systems UK Ltd Wireshark and the fin logo are registered trademarks of the Wireshark Foundation Page 1 Table of Contents Table of Contents... 2 Overview... 3 Wireshark... 3 Dongle Specific Sniffers
More informationIPv6- IPv4 Threat Comparison v1.0. Darrin Miller Sean Convery
IPv6- IPv4 Threat Comparison v1.0 Darrin Miller dmiller@cisco.com Sean Convery sean@cisco.com Motivations Discussions around IPv6 security have centered on IPsec Though IPsec is mandatory in IPv6, the
More informationThe dangerous Beauty of Bookmark Lookups
The dangerous Beauty of Bookmark Lookups Klaus Aschenbrenner Microsoft Certified Master SQL Server 2008 Twitter: @Aschenbrenner About me CEO & Founder SQLpassion International Speaker, Blogger, Author
More informationCyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies
Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies lwihl@scalable-networks.com 2 The Need OT security particularly in the
More informationVLAN Hopping, ARP Poisoning, and Man-In-TheMiddle Attacks in Virtualized Environments
VLAN Hopping, ARP Poisoning, and Man-In-TheMiddle Attacks in Virtualized Environments Dr. Ronny L. Bull, Ph.D. Utica College Nexus Seminar Series Nov 10th 2017 About Me Ph.D. in Computer Science from Clarkson
More informationDynamic program analysis
Dynamic program analysis Pierre.Girard@gemalto.com RE-TRUST workshop Meudon, March 19, 2009 Mission of the day Give an overview of tools and procedures for dynamic software analysis in an industrial security
More informationPreventing (Network) Time Travel with Chronos. Omer Deutsch, Neta Rozen Schiff, Danny Dolev, Michael Schapira
Preventing (Network) Time Travel with Chronos Omer Deutsch, Neta Rozen Schiff, Danny Dolev, Michael Schapira Network Time Protocol (NTP) NTP synchronizes time across computer systems over the Internet.
More informationTypes of Attacks That Can Be Carried Out on Wireless Networks
1 Types of Attacks That Can Be Carried Out on Wireless Networks Westley Hansen CS 4960 Dr. Martin May 7, 2015 2 Abstract Wireless Networks are very mainstream, it allows a way for computer devices to connect
More informationMaster Projekt 2. Autor: Heiner Perrey. Performance Analysis of Bluetooth Low Energy with Merkle s Puzzle. Date: May 20, 2012
Master Projekt 2 Autor: Heiner Perrey Performance Analysis of Bluetooth Low Energy with Merkle s Puzzle Date: May 20, 2012 Fakultät Technik und Informatik Studiendepartment Informatik Faculty of Engineering
More information22C3. December 30st 2005, Berlin, Germany. by Adam Laurie, Marcel Holtmann and Martin Herfurt. ... because infinite is sometimes not enough!
Bluetooth Hacking The State of the Art 22C3 December 30st 2005, Berlin, Germany by Adam Laurie, Marcel Holtmann and Martin Herfurt Agenda Quick technology overview Security mechanisms Known vulnerabilities
More informationNetwork Security. Network Vulnerabilities
Network Security Network Vulnerabilities 1 Attacks and the OSI Stack Stack layer Services Protocols Application; Presentation; Session Transport DNS SMTP TCP Network Routers IP Logic Physical Switches
More informationGetting Connected (Chapter 2 Part 4) Networking CS 3470, Section 1 Sarah Diesburg
Getting Connected (Chapter 2 Part 4) Networking CS 3470, Section 1 Sarah Diesburg Five Problems Encoding/decoding Framing Error Detection Error Correction Media Access Five Problems Encoding/decoding Framing
More informationUSER MANUAL Free2move Configuration Software
USER MANUAL Free2move Configuration Software BLUETOOTH is a trademark owned by Bluetooth SIG, Inc., U.S.A. and licensed to Free2move FCC-B Radio Frequency Interference Statement This deceive has been tested
More informationThe dark side of IOT. Francesco Zucca. Automation Instrumentation Summit Wireless Expert
Automation Instrumentation Summit - 2017 The dark side of IOT Francesco Zucca Wireless Expert 1 Agenda Introduction IIOT How to work WSN Typical hacker attack in WSN Issue with Drones Security Countermeasures
More informationBLUETOOTH MOVEMENT AND SHOCK LOGGER API DOCUMENTATION. Version 2.0.1
BLUETOOTH MOVEMENT AND SHOCK LOGGER API DOCUMENTATION Version 2.0.1 BLUE MAESTRO S STANDARD LICENSE AND DISCLAIMER Copyright 2016 Blue Maestro Limited. All Rights Reserved. The copyright in the software
More informationOutline. Mate: A Tiny Virtual Machine for Sensor Networks Philip Levis and David Culler. Motivation. Applications. Mate.
Outline Mate: A Tiny Virtual Machine for Sensor Networks Philip Levis and David Culler Presented by Mark Tamola CSE 521 Fall 2004 Motivation Mate Code Propagation Conclusions & Critiques 1 2 Motivation
More informationLOCK IT AND STILL LOSE IT ON THE (IN)SECURITY OF AUTOMOTIVE REMOTE KEYLESS ENTRY SYSTEMS
LOCK IT AND STILL LOSE IT ON THE (IN)SECURITY OF AUTOMOTIVE REMOTE KEYLESS ENTRY SYSTEMS FLAVIO GARCIA, DAVID OSWALD, TIMO KASPER, PIERRE PAVLIDES PRESENTED BY JACOB BEDNARD, WAYNE STATE UNIVERSITY CSC5991
More informationBackdooring the Front Door
Backdooring the Front Door About me Software Engineer by trade Hacker by passion Lock picker for fun The best puzzles are not meant to be solved All opinions are my own, and may not reflect those of my
More informationEnergy Efficient Mobile Compu4ng Building low power sensing devices with Bluetooth low energy. Simo Veikkolainen Nokia May 2014
Energy Efficient Mobile Compu4ng Building low power sensing devices with Bluetooth low energy Simo Veikkolainen Nokia May 2014 Bluetooth low energy Short range radio technology and protocol suite designed
More informationWireless Challenges : Computer Networking. Overview. Routing to Mobile Nodes. Lecture 25: Wireless Networking
Wireless Challenges 15-441: Computer Networking Lecture 25: Wireless Networking Force us to rethink many assumptions Need to share airwaves rather than wire Don t know what hosts are involved Host may
More information